Privacy Policy

Privacy Policy

1. Introduction & Data Controller Identity

Last updated: 26 May 2026

This Privacy Policy outlines how your personal data is collected, used, and protected when you interact with our School and enroll in our courses.

Under the General Data Protection Regulation (GDPR), the "Data Controller" responsible for processing your personal information is:

Nico Kaupenjohann
c/o POSTFLEX PFX-249-728
Emsdettener Str. 10
48268 Greven

Legal Contact Email: contact@kaupenjoe.net (Not For Customer Support)
Customer Support Email: coursesupport@kaupenjoe.net

For our full legal disclosure, please see our Impressum.

2. Data We Collect & How We Collect It

We only collect personal information that is necessary to provide you with our educational services. We collect this data when you create an account, purchase a course, or communicate with us.

  • Account Information: Name and email address.
  • Course Data: Your progress, quiz results, and login timestamps.
  • Financial Information: Please note that we do not directly collect or store your credit card details. All payments are securely processed by our platform provider and Merchant of Record, Teachable, Inc.
  • Technical Data: IP addresses, browser types, and device information automatically collected by our hosting platform for security and analytics.

3. Purposes and Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds defined in Art. 6(1) of the GDPR:

  • Fulfillment of a Contract (Art. 6(1)(b)): To create your account, grant you access to the purchased course materials, and provide customer support.
  • Consent (Art. 6(1)(a)): If you voluntarily subscribe to our newsletter or promotional emails, we process your email address based on your explicit consent. You may withdraw this consent at any time by clicking the "unsubscribe" link in our emails.
  • Legitimate Interests (Art. 6(1)(f) GDPR): To ensure the security, stability, and abuse prevention of the School (including logging, error monitoring, and fraud detection). We have assessed that these interests are not overridden by your fundamental rights, given the limited scope and security purpose of the processing. Analytics processing performed by Teachable as independent Controller falls under Teachable's own legal basis assessment as set out in their Privacy Policy.

4. Data Sharing and Third-Party Processors

We do not sell, trade, or rent your personal information. Your data is processed by the following parties:

  • Teachable, Inc. (Platform Host & Merchant of Record): Our School is hosted on the Teachable platform, operated by Teachable, Inc. (New York, USA), a subsidiary of Hotmart Company (Brazil). Teachable provides the infrastructure for course delivery, user management, and payment processing, and acts as Merchant of Record for all purchases. Per Teachable's Data Processing Agreement (Section B), Teachable acts as an independent Data Controller for the platform-level data it collects (including platform analytics, error monitoring, fraud prevention, and session management) and as our Data Processor for account data we direct it to handle on our behalf. For Teachable's own data practices, please refer to Teachable's Privacy Policy and Cookies Policy.
  • International Data Transfers (Art. 44–49 GDPR): Your data is transferred to and processed in the United States (Teachable, Inc.) and may be transferred to Brazil (Hotmart Company). For transfers to the United States, we rely on Teachable's certification under the EU-U.S. Data Privacy Framework. For transfers to other jurisdictions outside the European Economic Area, we rely on Standard Contractual Clauses (Module Two, EU Commission Decision 2021/914) executed with Teachable under Section 13 of their DPA.

5. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy or as required by law:

  • Account data (name, email, course progress): retained while your account is active, and deleted within a reasonable period after you request account deletion.
  • Transaction and invoice data: retained for 10 years following the end of the calendar year in which the transaction occurred, as required by § 147 AO (German tax law) and § 257 HGB (German commercial law). This obligation applies to Teachable as Merchant of Record and, in part, to us.
  • Newsletter subscription data: retained until you unsubscribe.
  • Support correspondence: retained for up to 3 years after the last contact, to handle potential follow-up inquiries and warranty matters.

After expiration of these periods, your data is deleted or anonymized.

6. Your Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following explicit rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request the deletion of your account and personal data by contacting us or emailing privacy@teachable.com.
  • Right to Restrict Processing: You can ask us to suspend the processing of your data.
  • Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your data for direct marketing or legitimate interests.

To exercise any of these rights, please contact us at contact@kaupenjoe.net.

The competent data protection supervisory authority for our processing is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf
Website: www.ldi.nrw.de

You may also lodge a complaint with the supervisory authority in your country of residence.

7. Cookies, Third-Party Services & Consent Management

Our School is hosted on the Teachable platform, which natively utilizes various cookies and third-party services. To ensure your privacy and comply with the strict requirements of the GDPR and the German Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG), we use a Consent Management Platform (CMP) provided by Cookiebot (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark).

1. Cookie Management via Cookiebot
When you visit our site, we have deployed Cookiebot to manage cookie consent and to block or remove non-essential cookies prior to your consent. Cookiebot is configured in conjunction with additional consent-layer controls we have implemented to suppress non-essential tracking until you provide explicit consent (§ 25 Abs. 1 TDDDG; Art. 6 Abs. 1 lit. a GDPR). You can change or withdraw your consent at any time using the cookie settings widget on our website.

Cookiebot stores a consent record (anonymized user ID, IP address, timestamp, and your consent choices) for the legally required documentation period of up to 12 months, based on our legal obligation to demonstrate consent (Art. 7(1) GDPR; § 25 TDDDG). The processor is Usercentrics A/S (Denmark, EEA). For details, see Cookiebot's privacy policy.

Our School operates on the Teachable platform. Certain platform-level functions provided by Teachable, including those Teachable performs as independent Controller per Section B.1 of their DPA, are operated under Teachable's own legal basis and consent mechanisms. For these, please refer to Teachable's Cookies Policy and Privacy Policy.

2. Strictly Necessary Cookies (No Consent Required)
Certain cookies are technically necessary to provide the core functionality of the platform (e.g., logging in, secure checkout, fraud prevention) or to record your tracking preferences. These are loaded immediately based on our legitimate interest in providing a functional, secure service (§ 25 Abs. 2 TDDDG; Art. 6 Abs. 1 lit. b & f GDPR). These include:

  • Session & Security: _session_id, site_preview, Cloudflare bot protection, Google reCAPTCHA (provided by Google LLC, USA, under the EU-U.S. Data Privacy Framework; loaded based on legitimate interest in preventing automated abuse per Art. 6(1)(f) GDPR).
  • Payment Processing: Stripe cookies (__ssid, __stripe_mid, __stripe_sid) required to securely process course purchases and prevent payment fraud.
  • Tracking Opt-Out Marker: ahoy_track (set to false prior to your consent). This cookie is a technical opt-out marker that instructs the Teachable platform's internal analytics framework to suppress tracking until you have given explicit consent. As an opt-out mechanism, this cookie itself does not perform tracking.
  • Affiliate Attribution: _afid, aid — first-party cookies used by the Teachable platform to attribute course purchases to referring affiliates for contractually agreed commission payouts (Art. 6(1)(b) GDPR — contract performance with affiliate partners).

3. Analytics, Performance & Error Monitoring (Consent Required)
Teachable's platform incorporates various analytics, performance monitoring, and error reporting services. To ensure your privacy, we have implemented technical measures — including Cookiebot's consent management and an additional network-level consent layer — to prevent these services from loading, transmitting data, or storing cookies on your device prior to your explicit consent. These services include:

  • Web & Platform Analytics: Google Analytics 4 (cookies _ga, _ga_*; provided by Google LLC, USA, under the EU-U.S. Data Privacy Framework), Heap Analytics (cookies _hp2_*), Segment (cookies ajs_*), and Teachable's first-party Ahoy analytics framework (cookies ahoy_visit, ahoy_visitor).
  • Error Monitoring & Performance: Sentry, New Relic.
  • Fraud Prevention (Behavioral): Sift, where loaded as part of behavioral fraud screening beyond the checkout context.

Upon your explicit consent, these services may load as part of Teachable's platform operation. Per Section B.1 of Teachable's Data Processing Agreement, Teachable acts as independent Data Controller for these services and is responsible for their legal basis, processing scope, and data subject rights handling once active. For a comprehensive description, refer to Teachable's Cookies Policy.

4. External Trackers
We have not added any of our own marketing tracking on top of the Teachable platform. We do not operate a Facebook Pixel, Google Ads conversion tracking, TikTok Pixel, LinkedIn Insight Tag, or similar marketing or remarketing trackers on this domain.

8. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices or legal obligations. We will notify you of material changes by email to your registered address. Non-material changes will be reflected by updating the "last updated" date at the top of this policy.

9. Data Protection Officer and Legal Framework

We are an individual business operation (Einzelunternehmen) and do not meet the thresholds set out in § 38 BDSG (Bundesdatenschutzgesetz) requiring the appointment of a Data Protection Officer. For all data protection inquiries, please contact us directly at contact@kaupenjoe.net.

This Privacy Policy fulfills the information obligations under Art. 13 and 14 GDPR, § 13 DDG (Digitale-Dienste-Gesetz), and applicable provisions of the BDSG.

#1 Modding Tutorials & Courses. Learn NeoForge, Fabric, and Forge step by step! Beginner friendly.

Courses

Account

Connect

Legal

© 2026 Kaupenjoe. All rights reserved.

Powered by Teachable